Ubuntu
apache2 package

apache2 2.4.46-4ubuntu1.2 source package in Ubuntu

Changelog

apache2 (2.4.46-4ubuntu1.2) hirsute-security; urgency=medium

  * SECURITY UPDATE: request splitting over HTTP/2
    - debian/patches/CVE-2021-33193-pre1.patch: process early errors via a
      dummy HTTP/1.1 request as well in modules/http2/h2.h,
      modules/http2/h2_request.c, modules/http2/h2_session.c,
      modules/http2/h2_stream.c.
    - debian/patches/CVE-2021-33193-pre2.patch: sync with github standalone
      version 1.15.17 in modules/http2/h2_bucket_beam.c,
      modules/http2/h2_config.c, modules/http2/h2_config.h,
      modules/http2/h2_h2.c, modules/http2/h2_headers.c,
      modules/http2/h2_headers.h, modules/http2/h2_mplx.c,
      modules/http2/h2_request.c, modules/http2/h2_stream.h,
      modules/http2/h2_task.c, modules/http2/h2_task.h,
      modules/http2/h2_version.h.
    - debian/patches/CVE-2021-33193.patch: refactor request parsing in
      include/ap_mmn.h, include/http_core.h, include/http_protocol.h,
      include/http_vhost.h, modules/http2/h2_request.c, server/core.c,
      server/core_filters.c, server/protocol.c, server/vhost.c.
    - CVE-2021-33193
  * SECURITY UPDATE: NULL deref via malformed requests
    - debian/patches/CVE-2021-34798.patch: add NULL check in
      server/scoreboard.c.
    - CVE-2021-34798
  * SECURITY UPDATE: DoS in mod_proxy_uwsgi
    - debian/patches/CVE-2021-36160.patch: fix PATH_INFO setting for
      generic worker in modules/proxy/mod_proxy_uwsgi.c.
    - CVE-2021-36160
  * SECURITY UPDATE: buffer overflow in ap_escape_quotes
    - debian/patches/CVE-2021-39275.patch: fix ap_escape_quotes
      substitution logic in server/util.c.
    - CVE-2021-39275
  * SECURITY UPDATE: arbitrary origin server via crafted request uri-path
    - debian/patches/CVE-2021-40438-pre1.patch: faster unix socket path
      parsing in the "proxy:" URL in modules/proxy/mod_proxy.c,
      modules/proxy/proxy_util.c.
    - debian/patches/CVE-2021-40438.patch: add sanity checks on the
      configured UDS path in modules/proxy/proxy_util.c.
    - CVE-2021-40438

 -- Marc Deslauriers <email address hidden>  Thu, 23 Sep 2021 12:57:50 -0400

Upload details

Uploaded by:
Marc Deslauriers
Uploaded to:
Hirsute
Original maintainer:
Ubuntu Developers
Architectures:
any all
Section:
httpd
Urgency:
Medium Urgency

See full publishing history Publishing

Series Pocket Published Component Section

Downloads

File Size SHA-256 Checksum
apache2_2.4.46.orig.tar.gz 8.9 MiB 44b759ce932dc090c0e75c0210b4485ebf6983466fb8ca1b446c8168e1a1aec2
apache2_2.4.46-4ubuntu1.2.debian.tar.xz 894.2 KiB 15c1f3f5262daea55f4cc94b330733192f4696b6b01b38377f36e790b52357ab
apache2_2.4.46-4ubuntu1.2.dsc 3.3 KiB d28fe3a92795b2bb6b85ce09c94702bb14d5ab3b2f363cc9f2b7cb96b3fbe560

View changes file

Binary packages built by this source

apache2: No summary available for apache2 in ubuntu hirsute.

No description available for apache2 in ubuntu hirsute.

apache2-bin: No summary available for apache2-bin in ubuntu hirsute.

No description available for apache2-bin in ubuntu hirsute.

apache2-bin-dbgsym: No summary available for apache2-bin-dbgsym in ubuntu hirsute.

No description available for apache2-bin-dbgsym in ubuntu hirsute.

apache2-data: No summary available for apache2-data in ubuntu hirsute.

No description available for apache2-data in ubuntu hirsute.

apache2-dev: No summary available for apache2-dev in ubuntu hirsute.

No description available for apache2-dev in ubuntu hirsute.

apache2-doc: No summary available for apache2-doc in ubuntu hirsute.

No description available for apache2-doc in ubuntu hirsute.

apache2-ssl-dev: No summary available for apache2-ssl-dev in ubuntu hirsute.

No description available for apache2-ssl-dev in ubuntu hirsute.

apache2-suexec-custom: No summary available for apache2-suexec-custom in ubuntu hirsute.

No description available for apache2-suexec-custom in ubuntu hirsute.

apache2-suexec-custom-dbgsym: No summary available for apache2-suexec-custom-dbgsym in ubuntu hirsute.

No description available for apache2-suexec-custom-dbgsym in ubuntu hirsute.

apache2-suexec-pristine: No summary available for apache2-suexec-pristine in ubuntu hirsute.

No description available for apache2-suexec-pristine in ubuntu hirsute.

apache2-suexec-pristine-dbgsym: No summary available for apache2-suexec-pristine-dbgsym in ubuntu hirsute.

No description available for apache2-suexec-pristine-dbgsym in ubuntu hirsute.

apache2-utils: No summary available for apache2-utils in ubuntu hirsute.

No description available for apache2-utils in ubuntu hirsute.

apache2-utils-dbgsym: No summary available for apache2-utils-dbgsym in ubuntu hirsute.

No description available for apache2-utils-dbgsym in ubuntu hirsute.

libapache2-mod-md: No summary available for libapache2-mod-md in ubuntu hirsute.

No description available for libapache2-mod-md in ubuntu hirsute.

libapache2-mod-proxy-uwsgi: No summary available for libapache2-mod-proxy-uwsgi in ubuntu hirsute.

No description available for libapache2-mod-proxy-uwsgi in ubuntu hirsute.